PrestaShop XSS injection through Validate::isCleanHTML method · CVE-2023-39527 · GitHub Advisory Database · GitHub

PrestaShop XSS injection through Validate::isCleanHTML method

High severity GitHub Reviewed Published Aug 7, 2023 in PrestaShop/PrestaShop • Updated Nov 12, 2023

Package

prestashop/prestashop (Composer)

Affected versions

= 8.1.0

>= 8.0.0, < 8.0.5

< 1.7.8.10

Patched versions

8.1.1

8.0.5

1.7.8.10

Description

Impact

xss injection through isCleanHTML method

Patches

1.7.8.10
8.0.5
8.1.1

Found by

Aleksey Solovev (Positive Technologies)

Workarounds

References

References

matthieu-rolland published to PrestaShop/PrestaShop

Aug 7, 2023

Published by the National Vulnerability Database

Aug 7, 2023

Published to the GitHub Advisory Database Aug 9, 2023

Reviewed Aug 9, 2023

Last updated Nov 12, 2023

Severity

High

8.3

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

High

User interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:H/A:H